Connect with us

Hi, what are you looking for?



Qualys Extends Vulnerability Management Solution To Amazon Web Services

SAN FRANCISCO –  Cloud-based security and risk management solutions provider Qualys, on Monday, announced new vulnerability management capabilities for users of certain Amazon Web Services (AWS) offerings.

SAN FRANCISCO –  Cloud-based security and risk management solutions provider Qualys, on Monday, announced new vulnerability management capabilities for users of certain Amazon Web Services (AWS) offerings.

The solution utilizes the QualysGuard connector and Amazon APIs to automate the discovery and tracking of assets in Amazon Elastic Compute Cloud (Amazon EC2) and Amazon Virtual Private Cloud (Amazon VPC) environments, and allows them to be automatically scanned for vulnerabilities, and provides reports giving customers visibility and control of security and compliance in their cloud environments.

Qualys Additionally, QualysGuard can now detect and synchronize changes to customers’ virtual machine instance inventories in the said AWS environments, also allowing the instances to be tracked over time, even as their IP addresses change, This, Qualys, says, allows security teams to automate vulnerability assessments using QualysGuard workflows. For example, assets can be scanned automatically after first discovery, on a regular calendar schedule, at intervals based upon each instance’s uptime, selectively based upon particular attributes of each instance, or some combination of factors, Qualys, said.

New capabilities announced by Qualys include:

Native AWS API connectors can be configured to connect QualysGuard to one or more AWS accounts to synchronize asset inventories from all AWS Regions and Amazon VPCs. Important instance attributes and contextual metadata are collected and updated as they change over time. Dynamic Asset Tags, which can drive or influence policies and reporting throughout QualysGuard, may be automatically assigned to assets as part of the import process. Attributes and contextual metadata about Amazon EC2 instances are also captured and available as data points to inform further Dynamic Asset Tagging within QualysGuard.

Vulnerability scanning, pre-authorized by Amazon. In collaboration with AWS, Qualys has built safeguards into a new Amazon EC2 Scanning capability within QualysGuard that help ensure that scanning will not inadvertently target other AWS customers’ instances and that all AWS policies for vulnerability scanning are adhered to. Based upon this, customers may scan at their convenience, as Amazon EC2 Scanning using QualysGuard has been pre-authorized by AWS, negating the need to obtain explicit permission from AWS before proceeding with scanning as is typically required.

Enhancements to the QualysGuard Virtual Scanner Appliance AMI (Amazon Machine Image) – Qualys now has a scanner release in AWS Marketplace designated as “Pre-Authorized” for use with the Amazon EC2 Scanning capability within QualysGuard that leverages the AWS API connection.

“Many organizations moving assets to cloud environments are lacking the tools to effectively manage security and assess their compliance posture,” said Philippe Courtot, chairman and CEO for Qualys. “Now, working with AWS and leveraging their open APIs, we are able to provide our customers with a comprehensive solution to address their security and compliance within AWS’s cloud environments.”

Advertisement. Scroll to continue reading.

The new AWS-focused features are available immediately for Qualys customers as part of their QualysGuard subscriptions. Subscriptions for QualysGuard run on an annual basis and start at $2,495 per year for 32 IPs. At least one QualysGuard Virtual Scanner Appliance license at $995 per year is required for internal network scanning functionality on AWS, the company said.

More information on QualysGuard for AWS is available here

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.